Educause Security Discussion mailing list archives

Re: Connectivity problems with the US Army


From: David Gillett <gillettdavid () FHDA EDU>
Date: Fri, 19 Jan 2007 09:46:40 -0800

  No machines on our network were successfully infected by this
virus/worm.  After a few days of monitoring it, we closed port
2967 to all but a select subnet, and went on with life.  The volume
that reached here was never enough to consider blocking source ranges.

David Gillett


-----Original Message-----
From: Brock, Anthony - NET [mailto:Anthony.Brock () OREGONSTATE EDU]
Sent: Friday, January 19, 2007 9:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Connectivity problems with the US Army

-----Original Message-----
Maybe they meant 29 IPs were probing.  We saw around 35 of your IPs
either scanning port 2967 or actively attempting to exploit the
Symantec vulnerability against systems here.

Very possible. However, this still seems a bit extreme for
implementing a "permanent block" of this scale. Also, there
should be some method for notifying the affected site and
correcting the issue.

Tony

